1 Reply

You're performing an authentication and API authorization request (aka audience parameter). The use of API authorization implies that the authentication response will strictly follow the OpenID Connect (OIDC) specification.

This means that by default only claims specified as part of that specification will be included in the issued ID token. The updated_at is one of the standard claims, however, `created_at` is not a standard OIDC claim so it is not returned.

You can include custom claims in the issued ID token, although they need to be namespace, so you could include the information available in the created_at field as part of a custom namespaced claim. For reference information on how to accomplish this see: